Sunday, August 12, 2012

Learn't something the other day. We have a wordpress web site on hostable.com and the Domain Name is with Freeparking.

We have been having trouble with the url displaying in the browser. So you get "http://mydomain.com/" no matter what page is displayed - this is pretty useless if you want to bookmark a page.

Lots of web searching revealed that Freeparking cloak your site in a 100% frame - which is VERY bad form as search engines tend to ignore any frame based sites (we couldn't figure out why the site rated so poorley).

UNFORTUNATELY, in my case the admin user was unchanged (but I still can't log in) but one of the index.php files in the template was changed (you can see by the edit date on the server) though cleverly in code: starts like

? echo(stripslashes(base64_decode('PGh0bWw+ .....

Renaming the folder killed the site so the hack is in there somewhere and this was the only program with a different date that I could find.

At this stage I can either find the index.php file (which is pretty old) or reinstall Wordpress and import the main blog (which I will probably do as it was only my backup anyway).

I am guessing a flaw was found in one of the versions of WordPress and subsequently fixed by the WordPress people, however (as in my case) this was my backup blog and was quite old - so probably had the flaw still, and so wide open for the hack. My more recent one was left alone (so far) - this one. Can anyone confirm this???